Evolving security policies

As computer system size and complexity grow, formulating effective policies require more sophistication. There are many risk factors that need to be considered, some of which may be in conflict. Inevitably, unpredictable circumstances that demand decisions will arise during operation. In some cases an automated response may be imperative; in other cases these may be ill-advised. Manual decisions are often made that override the current policy and serve effectively to redefine it. This matter is further complicated in highly dynamic operational environments like mobile ad-hoc networks, in which the risk factors may be changing continually. Thus, security policies must be able to change and adapt to the operational needs. This study investigates the potential of evolutionary algorithms as a tool in determining the optimal security policies that suit such environments. This thesis reviews some fundamental concepts in related domains. It presents three applications of evolutionary algorithms in solving problems that are of direct relevance. These include the inference of security policies from decision examples, the dynamic adaptation of security policies, and the optimisation of security policies for a specific set of missions. The results show that the inference approaches based on evolutionary algorithms are very promising. The thesis concludes with an evaluation of the work done, the extent to which the work justifies the thesis hypothesis and some possible directions on how evolutionary algorithms can be applied to address a wider range of relevant problems in the domain of concern.

[1]  D. A. Beyer,et al.  Accomplishments of the DARPA SURAN Program , 1990, IEEE Conference on Military Communications.

[2]  Juan E. Tapiador,et al.  Automated design of a lightweight block cipher with Genetic Programming , 2008, Int. J. Knowl. Based Intell. Eng. Syst..

[3]  Joseph P. Macker,et al.  Mobile Ad hoc Networking (MANET): Routing Protocol Performance Issues and Evaluation Considerations , 1999, RFC.

[4]  Dominic Wilson,et al.  Using grammatical evolution for evolving intrusion detection rules , 2006 .

[5]  Jonathan D. Moffett,et al.  Control principles and role hierarchies , 1998, RBAC '98.

[6]  Ajith Abraham,et al.  Evolving Intrusion Detection Systems , 2006, Genetic Systems Programming.

[7]  Bruce Schneier,et al.  Secrets and Lies: Digital Security in a Networked World , 2000 .

[8]  Kalyanmoy Deb,et al.  Muiltiobjective Optimization Using Nondominated Sorting in Genetic Algorithms , 1994, Evolutionary Computation.

[9]  Sylvia Osborn,et al.  Role-based security: pros, cons, & some research directions , 1993, SGSC.

[10]  A. Tversky,et al.  Judgment under Uncertainty: Heuristics and Biases , 1974, Science.

[11]  Peter W. Shor,et al.  Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer , 1995, SIAM Rev..

[12]  John A. Clark,et al.  Automated design of security protocols , 2003, The 2003 Congress on Evolutionary Computation, 2003. CEC '03..

[13]  Lotfi A. Zadeh,et al.  Fuzzy Sets , 1996, Inf. Control..

[14]  T. C. Ting,et al.  Information sharing and security in dynamic coalitions , 2002, SACMAT '02.

[15]  A. E. Eiben,et al.  Introduction to Evolutionary Computing , 2003, Natural Computing Series.

[16]  Ian F. Akyildiz,et al.  Wireless sensor networks: a survey , 2002, Comput. Networks.

[17]  C. Darwin The Origin of Species by Means of Natural Selection, Or, The Preservation of Favoured Races in the Struggle for Life , 1859 .

[18]  Lothar Thiele,et al.  An evolutionary algorithm for multiobjective optimization: the strength Pareto approach , 1998 .

[19]  Wolfgang Banzhaf,et al.  Genotype-Phenotype-Mapping and Neutral Variation - A Case Study in Genetic Programming , 1994, PPSN.

[20]  Julian Francis Miller,et al.  Cartesian genetic programming , 2000, GECCO '10.

[21]  Dirk Thierens,et al.  Selection Schemes, Elitist Recombination, and Selection Intensity , 1997, ICGA.

[22]  Matt Bishop,et al.  Computer Security: Art and Science , 2002 .

[23]  Eugene H. Spafford,et al.  Applying Genetic Programming to Intrusion Detection , 1995 .

[24]  Vijayalakshmi Atluri,et al.  Role-based Access Control , 1992 .

[25]  Wei Fan,et al.  Systematic data selection to mine concept-drifting data streams , 2004, KDD.

[26]  Michael J. Nash,et al.  The Chinese Wall security policy , 1989, Proceedings. 1989 IEEE Symposium on Security and Privacy.

[27]  Andreas Pfitzmann,et al.  Anonymity, Unobservability, and Pseudonymity - A Proposal for Terminology , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[28]  Elisa Bertino,et al.  TRBAC , 2001, ACM Trans. Inf. Syst. Secur..

[29]  Imrich Chlamtac,et al.  Mobile ad hoc networking: imperatives and challenges , 2003, Ad Hoc Networks.

[30]  Didier Dubois,et al.  A review of fuzzy set aggregation connectives , 1985, Inf. Sci..

[31]  Marco Laumanns,et al.  SPEA2: Improving the strength pareto evolutionary algorithm , 2001 .

[32]  John A. Clark,et al.  Evolving Intrusion Detection Rules on Mobile Ad Hoc Networks , 2008, PRICAI.

[33]  Howard Robert Chivers,et al.  Security design analysis , 2006 .

[34]  Anders Krogh,et al.  Neural Network Ensembles, Cross Validation, and Active Learning , 1994, NIPS.

[35]  Kalyanmoy Deb,et al.  A Fast Elitist Non-dominated Sorting Genetic Algorithm for Multi-objective Optimisation: NSGA-II , 2000, PPSN.

[36]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[37]  David J. Montana,et al.  Strongly Typed Genetic Programming , 1995, Evolutionary Computation.

[38]  David D. Clark,et al.  A Comparison of Commercial and Military Computer Security Policies , 1987, 1987 IEEE Symposium on Security and Privacy.

[39]  Morris Sloman,et al.  Policy driven management for distributed systems , 1994, Journal of Network and Systems Management.

[40]  Julio C. Hernandez-Castro,et al.  Wheedham: An Automatically Designed Block Cipher by means of Genetic Programming , 2006 .

[41]  Michael O'Neill,et al.  Grammatical Evolution: Evolving Programs for an Arbitrary Language , 1998, EuroGP.

[42]  Alan Burns,et al.  Real-Time Systems and Programming Languages - Ada, Real-Time Java and C / Real-Time POSIX, Fourth Edition , 2009, International computer science series.

[43]  Dieter Gollmann,et al.  Computer Security , 1979, Lecture Notes in Computer Science.

[44]  Richard E. Barlow,et al.  Statistical Theory of Reliability and Life Testing: Probability Models , 1976 .

[45]  Sushil Jajodia,et al.  Flexible support for multiple access control policies , 2001, TODS.

[46]  André Zúquete,et al.  SPL: An Access Control Language for Security Policies and Complex Constraints , 2001, NDSS.

[47]  Anne Brindle,et al.  Genetic algorithms for function optimization , 1980 .

[48]  J. Jubin,et al.  The DARPA packet radio network protocols , 1987, Proceedings of the IEEE.

[49]  Ravi S. Sandhu,et al.  The NIST model for role-based access control: towards a unified standard , 2000, RBAC '00.

[50]  James E. Baker,et al.  Adaptive Selection Methods for Genetic Algorithms , 1985, International Conference on Genetic Algorithms.

[51]  John H. Holland,et al.  Adaptation in Natural and Artificial Systems: An Introductory Analysis with Applications to Biology, Control, and Artificial Intelligence , 1992 .

[52]  K J Biba,et al.  Integrity Considerations for Secure Computer Systems , 1977 .

[53]  Zbigniew Michalewicz,et al.  Evolutionary Computation 2 , 2000 .

[54]  Roshan K. Thomas,et al.  Models for coalition-based access control (CBAC) , 2002, SACMAT '02.

[55]  John R. Koza,et al.  Hierarchical Genetic Algorithms Operating on Populations of Computer Programs , 1989, IJCAI.

[56]  Luke Church,et al.  Privacy suites: shared privacy for social networks , 2009, SOUPS.

[57]  Ross J. Anderson Security engineering - a guide to building dependable distributed systems (2. ed.) , 2001 .

[58]  Sabrina De Capitani di Vimercati,et al.  Access Control: Policies, Models, and Mechanisms , 2000, FOSAD.

[59]  Subhabrata Chakraborti,et al.  Nonparametric Statistical Inference , 2011, International Encyclopedia of Statistical Science.

[60]  Charu C. Aggarwal,et al.  Data Streams: Models and Algorithms (Advances in Database Systems) , 2006 .

[61]  Shonali Krishnaswamy,et al.  Mining data streams: a review , 2005, SGMD.

[62]  John R. Koza,et al.  Genetic programming - on the programming of computers by means of natural selection , 1993, Complex adaptive systems.

[63]  G. T. Gangemi,et al.  Computer Security Basics , 2006 .

[64]  Jürgen Branke,et al.  Evolutionary Optimization in Dynamic Environments , 2001, Genetic Algorithms and Evolutionary Computation.

[65]  Charles P. Pfleeger,et al.  Security in computing , 1988 .

[66]  Philippe Massonet,et al.  GRAIL/KAOS: An Environment for Goal-Driven Requirements Engineering , 1997, Proceedings of the (19th) International Conference on Software Engineering.

[67]  Robert W. Shirey,et al.  Internet Security Glossary, Version 2 , 2007, RFC.

[68]  F. P. Wilson,et al.  The Oxford dictionary of English proverbs , 1970 .

[69]  Morris Sloman,et al.  The representation of policies as system objects , 1991, COCS '91.

[70]  Geoff Hulten,et al.  Mining high-speed data streams , 2000, KDD '00.

[71]  Anthony Brabazon,et al.  Evolving technical trading rules for spot foreign-exchange markets using grammatical evolution , 2004, Comput. Manag. Sci..

[72]  Peter W. Shor,et al.  Algorithms for quantum computation: discrete logarithms and factoring , 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[73]  Peter Nordin,et al.  Genetic programming - An Introduction: On the Automatic Evolution of Computer Programs and Its Applications , 1998 .

[74]  A. Tversky,et al.  The framing of decisions and the psychology of choice. , 1981, Science.

[75]  Wolfgang Banzhaf,et al.  A comparison of linear genetic programming and neural networks in medical data mining , 2001, IEEE Trans. Evol. Comput..